Password security tips have been shoved down our throats so many times that they have become platitudes. The problem is that with familiarity comes complacency, apathy and restfulness.
Even though we are told never to use the same password for two different services, a lot of people, myself included, disdainfully ignore the advice, using the same password for Twitter and Facebook.
We all know you shouldn’t use a dictionary word as a password, yet a lot of people still have the nerve to use their pet’s name, cousin’s name, girlfriend’s name (may the guilty please stand up), wife’s name, birthday (yeah, we know your PIN), “password”, “password1”, “12345”. Nxa! Some people will never learn.
Then there are those security breaches that are as much your fault as the service providers’. For example, even though you heard about Heartbleed you did nothing about your password.
Did you know a Russian hacker gang (CyberVor) recently stole about 1.2 billion passwords and collected a further 4.5 billion credentials from over 420 000 websites and FTP sites?
According to Hold Security, the company that discovered the breach, the criminals did not discriminate against small companies in favour of big companies: everyone was fair game.
The dumb hope of some Zimbabweans, even in the face of all the random hacks that have hit local sites, that they will not be targeted is just a product of their naiveté.
Needless to say, you should change your password (I mean a new password, not the one you used before Heartbleed; people should really stop recycling passwords) and switch on two-factor authentication where it’s available.
More importantly you should use a password manager application.
The hallmarks of a good password manager are:
- Easy to use and intuitive interface (almost all managers score well on this front)
- Well supported and widely used – With the widely used ones you will be assured that the app will be there tomorrow (it sucks to have the production of your favourite app discontinued overnight) and bugs can be swatted quickly as soon as they appear.
- Cheap – Can you really trust some random guy to store your important passwords for free? What does he get from it? Call it paranoia but I prefer to pay for my password app.
- Multiple device support – These days it means you can use it on your PC and across all devices e.g. Android and iOS.
- Browser integration – Nothing sucks as much as discovering your chosen password manager does not support your favourite browser (who uses the UC browser anyway?)
- Cloud syncing – You want your passwords in the cloud and synced across devices too. This requirement acts against GPL-licensed password managers that tend to be locally installed only.
Quick Comparison of popular password managers
| NAME | PRICE | OS SUPPORT | BROWSER INTEGRATION | CLOUD SYNC | REMARKS |
| --- | --- | --- | --- | --- | --- |
| LastPass | $12/Year | Windows, Android, iOS and OSX | Yes | Yes | YubiKey, fingerprint support, two-factor authentication |
| 1Password | $34.99 | OSX, Windows, Android, iOS | Yes | Yes | Family licences |
| RoboForm | $9.95/Year 1 | Windows, Linux, Android, OSX, iOS, Windows Phone | Yes | Yes | Supports all platforms, $19.95 from year 2, fills forms too |
| Mitto | Free | All platforms via browser | Yes | Yes | Only works on standard browsers |
| F-Secure | €1.62/month | OSX, Windows, Android, iOS | Yes | Yes | $16/year |
As you might have guessed from the article image, I use LastPass because of price and mobile support. RoboForm is not bad either, and if you are a family or SME you might be tempted by 1Password’s family licences.
There are a lot of managers out there, some better than others. If you think I missed an awesome password app that you use please feel free to mention it in the comments below.
5 comments
One point of weakness not a good idea. Rather contend with remembering my passwords.
The best way is to group your passwords into categories on a platform basis, i.e.
have passwords for
1. free email, i.e. gmail/yahoo
2. passwords for social sites
3. passwords for work/business emails, i.e. name@companyname.com
You can add intuitive extras with the passwords ending with the name of the website, i.e.
say your password for social media sites is kedo1920L, you can make it kedo1920Lfacebook for your Facebook account and ending with the name twitter for your Twitter account.
Another better idea would be for companies to bring biometric security to email.
Let all phones and electronic devices have a biometric security component.
Great article, thank you! I use RoboForm because it’s just the easiest interface to use, I think. Plus they’re always running promotions for discounts on renewals on their Facebook page.
Ahsan
Ascendo DataVault is worth checking out.